google redirect virus


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.


I have the same symptoms. I've tried to run DDS, but it hangs Windows and I have to crash the system to restart it: it prints 3/4 of a line of #'s until it gets under the 't' of 'it', then hangs. Process Explorer and Task Manager show DDS.scr and the .dat process but also hang. If DDS is supposed to show the open processes and anyone knows how to get a list from Process Explorer or Task Manager, let me know and I'll post that.

Apart from that, I tried to run Malwarebytes in protection mode, which sometimes, but not always, traps the redirection and pops up a box over the Windows task bar. HOWEVER, a big minus is I can't boot with both protection mode and McAfee enabled; if I switch it on manually after boot and the system dies or has to be shut down, it's a royal P.I.T.A. to get it back up, involving safe mode and msconfig.

Also, neither Malwarebytes, MS Security Essentials nor McAfee (all are up to date) reports any other problems from a full system scan.

Anyone have any other ideas I can try?

Thanks,

Bernard


Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7364

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

8/3/2011 2:53:33 PM

mbam-log-2011-08-03 (14-53-33).txt

Scan type: Quick scan

Objects scanned: 294412

Time elapsed: 1 hour(s), 53 minute(s), 22 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

c:\WINDOWS\system32\olecnv3232.exe (Trojan.Agent) -> 3692 -> Unloaded process successfully.

c:\WINDOWS\system32\atmpvcno32.exe (Trojan.Agent) -> 5968 -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\atmpvcno32.dll (Trojan.Tracur) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{0C38D855-6371-47EC-981C-D2B269977DAe} (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C38D855-6371-47EC-981C-D2B269977DAE} (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0C38D855-6371-47EC-981C-D2B269977DAE} (Trojan.Tracur) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\system32\atmpvcno32.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\patrick.patrick-f86ea42\local settings\temp\tmph6320589686471267337.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\WINDOWS\system32\atmpvcno32.dll (Trojan.Tracur) -> Delete on reboot.


DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_23

Run by patrick at 13:15:33 on 2011-08-03

.

============== Running Processes ===============

.

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\sm56hlpr.exe

C:\Program Files\Common Files\AOL\1214003073\ee\AOLSoftware.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\BroadJump\Client Foundation\CFD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Walgreens PictureMover\Bin\PictureMover.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC09.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\olecnv3232.exe

C:\WINDOWS\system32\atmpvcno32.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\aol radio toolbar\aolradiotbServer.exe

c:\program files\aol\aol toolbar 5.0\AolTbServer.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

C:\Documents and Settings\patrick.PATRICK-F86EA42\My Documents\Downloads\dds.scr

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

mURLSearchHooks: AOL Radio Toolbar Search Class: {69224684-5682-419b-9fe4-ef7946ee3319} - c:\program files\aol radio toolbar\aolradiotb.dll

BHO: {0c38d855-6371-47ec-981c-d2b269977dae} - c:\windows\system32\atmpvcno32.dll

BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AOL Radio Toolbar Loader: {2abdb2f7-4cbf-4939-ba12-fddc827b6a2d} - c:\program files\aol radio toolbar\aolradiotb.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: AOL Radio Toolbar: {9167da98-6f9b-46f1-991d-826cae46cab6} - c:\program files\aol radio toolbar\aolradiotb.dll

TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll

TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10i_Plugin.exe -update plugin

mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe

mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"

mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"

mRun: [sMSERIAL] sm56hlpr.exe

mRun: [HostManager] c:\program files\common files\aol\1214003073\ee\AOLSoftware.exe

mRun: [Pure Networks Port Magic] "c:\progra~1\purene~1\portma~1\PortAOL.exe" -Run

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [bJCFD] c:\program files\broadjump\client foundation\CFD.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

IE: &AOL Radio Toolbar Search - c:\documents and settings\all users.windows\application data\aol radio toolbar\ietoolbar\resources\en-us\local\search.html

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214057488901

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{AECDA031-CCFC-47B0-815A-348F43E328A9} : DhcpNameServer = 192.168.1.1

Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\patrick.patrick-f86ea42\application data\mozilla\firefox\profiles\ewio7qmf.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: XUL Cache: {f3f66abf-0d5a-450e-bf86-d66b49c18f08} - %profile%\extensions\{f3f66abf-0d5a-450e-bf86-d66b49c18f08}

FF - Ext: XUL Cache: {91eea156-5e5c-4fe7-b774-ac12a1c042fd} - %profile%\extensions\{91eea156-5e5c-4fe7-b774-ac12a1c042fd}

.

============= SERVICES / DRIVERS ===============

.

R? EraserUtilDrv10910;EraserUtilDrv10910

R? gupdate;Google Update Service (gupdate)

R? gupdatem;Google Update Service (gupdatem)

R? SavRoam;SavRoam

S? ccEvtMgr;Symantec Event Manager

S? ccSetMgr;Symantec Settings Manager

S? EraserUtilRebootDrv;EraserUtilRebootDrv

S? MBAMProtector;MBAMProtector

S? MBAMService;MBAMService

S? MBAMSwissArmy;MBAMSwissArmy

S? NAVENG;NAVENG

S? NAVEX15;NAVEX15

S? SAVRT;SAVRT

S? SAVRTPEL;SAVRTPEL

S? Symantec AntiVirus;Symantec AntiVirus

S? WmiApSrv32;WMI Performance Adapter

.

=============== Created Last 30 ================

.

2011-07-29 18:51:34 540160 ------w- c:\windows\system32\atmpvcno32.exe

2011-07-29 18:51:30 540160 ------w- c:\windows\system32\olecnv3232.exe

2011-07-29 18:51:24 343040 ----a-w- c:\windows\system32\atmpvcno32.dll

2011-07-22 15:50:54 -------- d-----w- c:\documents and settings\patrick.patrick-f86ea42\application data\Malwarebytes

2011-07-22 15:50:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 15:50:36 -------- d-----w- c:\documents and settings\all users.windows\application data\Malwarebytes

2011-07-22 15:50:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 15:50:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-22 15:47:56 0 ---ha-w- c:\documents and settings\patrick.patrick-f86ea42\ryavnfaibk.tmp

2011-07-14 17:05:28 -------- d-----w- c:\documents and settings\patrick.patrick-f86ea42\local settings\application data\Temp

2011-07-11 13:31:41 -------- d-----w- c:\documents and settings\patrick.patrick-f86ea42\dwhelper

.

==================== Find3M ====================

.

2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 13:26:28.69 ===============


  • Staff

Hi,

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


I just had a similar problem so I thought I would offer my solution.

Hit Ctrl+Shift+A

and see if there is an add-on called:

Xul cache 1.0

If so, disable it. Worked for me. This one came in through a JavaScript on my computer. What a pain in the A$$ it was to find.

I meant to say that this is in Firefox.

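An added triage script, written for this page and not part of the original thread, nor DDS or Malwarebytes code, that reads the DDS sections posted earlier and pulls out the same indicators a helper reads by eye: the BHO registered under {0c38d855-6371-47ec-981c-d2b269977dae} with no display name and a DLL in system32, the three system32 files created within ten seconds of each other on 2011-07-29 (two of them the same size), and the two Firefox extensions both named "XUL Cache" under different GUIDs in the profile, which the post just above identifies as the Firefox side of the redirect. The sample text is a constructed excerpt copied from the DDS log in the thread; the heuristics and thresholds (unnamed system32 BHO, a two-minute creation window, duplicated extension names under GUID folders) are this example's own assumptions, not rules DDS applies.

```python
"""Triage a DDS log (Pseudo HJT Report, FIREFOX, Created Last 30) for
browser-redirect indicators. Added example; heuristics are assumptions."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed excerpt of the DDS log posted in the thread.
SAMPLE_DDS = r"""
BHO: {0c38d855-6371-47ec-981c-d2b269977dae} - c:\windows\system32\atmpvcno32.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: XUL Cache: {f3f66abf-0d5a-450e-bf86-d66b49c18f08} - %profile%\extensions\{f3f66abf-0d5a-450e-bf86-d66b49c18f08}
FF - Ext: XUL Cache: {91eea156-5e5c-4fe7-b774-ac12a1c042fd} - %profile%\extensions\{91eea156-5e5c-4fe7-b774-ac12a1c042fd}
2011-07-29 18:51:34 540160 ------w- c:\windows\system32\atmpvcno32.exe
2011-07-29 18:51:30 540160 ------w- c:\windows\system32\olecnv3232.exe
2011-07-29 18:51:24 343040 ----a-w- c:\windows\system32\atmpvcno32.dll
2011-07-22 15:50:39 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-22 15:50:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
"""

class Finding(NamedTuple):
    severity: str   # "high", "medium" or "low"
    kind: str
    subject: str
    detail: str

GUID = r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
# "BHO: <optional display name>: {CLSID} - <path>"; the name is absent on the Tracur entry.
BHO_RE = re.compile(rf"^(?P<kind>BHO|TB):\s*(?:(?P<name>[^{{]*?):\s*)?(?P<clsid>{GUID})\s*-\s*(?P<path>.+)$")
FFEXT_RE = re.compile(r"^FF - Ext:\s*(?P<name>.*?):\s*(?P<id>\S+)\s*-\s*(?P<path>.+)$")
FILE_RE = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\S+)\s+\S+\s+(?P<path>.+)$")
SYS32 = "\\windows\\system32\\"

def parse(text):
    """Split the log into BHO/toolbar, Firefox extension and file-creation records."""
    entries = {"bho": [], "ffext": [], "file": []}
    for line in text.splitlines():
        line = line.strip()
        if m := BHO_RE.match(line):
            entries["bho"].append(m.groupdict())
        elif m := FFEXT_RE.match(line):
            entries["ffext"].append(m.groupdict())
        elif m := FILE_RE.match(line):
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%d %H:%M:%S")
            entries["file"].append(d)
    return entries

def creation_clusters(files, window, min_size=2):
    """Group system32 files whose creation times fall within `window` of each other."""
    sys32 = sorted((f for f in files if SYS32 in f["path"].lower() and f["size"].isdigit()),
                   key=lambda f: f["ts"])
    clusters, cur = [], []
    for f in sys32:
        if cur and f["ts"] - cur[-1]["ts"] > window:
            if len(cur) >= min_size:
                clusters.append(cur)
            cur = []
        cur.append(f)
    if len(cur) >= min_size:
        clusters.append(cur)
    return clusters

def triage(text, window=timedelta(minutes=2)):
    """Return findings sorted high to low; thresholds are this example's assumptions."""
    e = parse(text)
    findings = []
    clusters = creation_clusters(e["file"], window)
    clustered = {f["path"].lower() for c in clusters for f in c}
    flagged_paths = set()
    for b in e["bho"]:
        p = b["path"].strip().lower()
        if p == "no file":
            findings.append(Finding("low", "orphaned registration", b["clsid"], f"{b['kind']} with no file on disk"))
        elif b["kind"] == "BHO" and not b["name"] and SYS32 in p:
            # Legitimate BHOs carry a display name and live under Program Files.
            flagged_paths.add(p)
            findings.append(Finding("high" if p in clustered else "medium",
                                    "unnamed BHO in system32", b["clsid"], b["path"]))
    by_name = defaultdict(list)
    for x in e["ffext"]:
        if x["path"].lower().startswith("%profile%") and re.fullmatch(GUID, x["id"]):
            by_name[x["name"]].append(x["id"])
    for name, ids in by_name.items():
        if len(ids) >= 2:   # same display name installed twice under random GUID folders
            findings.append(Finding("high", "duplicate profile extension", name, ", ".join(ids)))
    for c in clusters:
        paths = [f["path"] for f in c]
        same_size = [s for s, n in Counter(f["size"] for f in c).items() if n > 1]
        tied = any(p.lower() in flagged_paths for p in paths)
        detail = "; ".join(paths) + (f" (same size: {', '.join(same_size)})" if same_size else "")
        findings.append(Finding("high" if tied or same_size else "low", "system32 creation cluster",
                                c[0]["ts"].isoformat(sep=" "), detail))
    return sorted(findings, key=lambda f: {"high": 0, "medium": 1, "low": 2}[f.severity])

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.kind}: {f.subject} {f.detail}")
```

Run it against a full DDS.txt by passing the file contents to triage(). On the excerpt it reports the Tracur BHO, the duplicated "XUL Cache" extensions and the 2011-07-29 file cluster as high, and the orphaned toolbar CLSID as low. The pair of Malwarebytes drivers from 2011-07-22 also shows up as a cluster, but only at low severity: the timing heuristic alone cannot tell an installer from a dropper, which is why a cluster is raised to high only when it contains a flagged BHO's DLL or files of identical size.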

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7410

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

8/8/2011 1:31:39 PM

mbam-log-2011-08-08 (13-31-39).txt

Scan type: Quick scan

Objects scanned: 294210

Time elapsed: 45 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


ComboFix 11-08-07.03 - patrick 08/09/2011 14:44:28.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.168 [GMT -4:00]

Running from: c:\documents and settings\patrick.PATRICK-F86EA42\My Documents\Downloads\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\autorun.inf

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\BrowserSearch\BrowserSearch.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\BrowserSearch\BrowserSearch.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_0\Button_0.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_0\Button_0.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_1\Button_1.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_1\Button_1.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_2\Button_2.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_2\Button_2.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_201\Button_201.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_201\Button_201.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_202\Button_202.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_202\Button_202.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_203\Button_203.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_203\Button_203.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_204\Button_204.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_204\Button_204.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_205\Button_205.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_205\Button_205.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_206\Button_206.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_206\Button_206.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_207\Button_207.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_207\Button_207.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_208\Button_208.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Button_208\Button_208.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\configurator\configurator.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\configurator\configurator.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\contextMenu\contextMenu.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\contextMenu\contextMenu.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\postInstallLayout\postInstallLayout.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\postInstallLayout\postInstallLayout.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\products\products.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\products\products.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\BrowserSearch\alot_search_defend.html

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\BrowserSearch\images\favicon.ico

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_0\images\alot_logo_button.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_0\images\alot_logo_button.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_image_search.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_image_search.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_news_search.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_news_search.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_search_button.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_search_button.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_shop_search.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_shop_search.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_videos_search.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_videos_search.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_web_search.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_1\images\alot_web_search.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_10\images\2822_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_10\images\2822_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_2\images\alot_configure.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_2\images\alot_configure.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_201\images\default_1004_alot_lot_results.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_201\images\default_1004_alot_lot_results.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_202\images\3161_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_202\images\3161_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_203\images\3323_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_203\images\3323_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_204\images\1285_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_204\images\1285_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_204\images\default_1013_alot_cas_playgames.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_204\images\default_1013_alot_cas_playgames.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_205\images\default_2254_email.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_205\images\default_2254_email.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_205\images\icon_configure.JPG

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\alert-icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\clear.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\cloudy.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\default_1007_alot_weather_widget.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\default_1007_alot_weather_widget.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\foggy.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\frain.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\haze.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\mcloud.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\nclear.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\nhaze.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\nmcloud.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\nsnow.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\pcloud.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\rain.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\shower.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\snow.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_206\images\tstorm.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_207\images\1689_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_207\images\1689_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_207\images\default_1689_alot_mrkt_starpulse.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_207\images\default_1689_alot_mrkt_starpulse.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_208\images\2822_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_208\images\2822_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_3\images\default_1004_alot_lot_results.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_3\images\default_1004_alot_lot_results.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_4\images\3161_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_4\images\3161_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_5\images\3323_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_5\images\3323_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_6\images\1285_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_6\images\1285_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_6\images\default_1013_alot_cas_playgames.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_6\images\default_1013_alot_cas_playgames.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_7\images\default_2254_email.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_7\images\default_2254_email.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_7\images\icon_configure.JPG

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\alert-icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\clear.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\cloudy.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\default_1007_alot_weather_widget.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\default_1007_alot_weather_widget.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\foggy.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\frain.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\mcloud.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\nclear.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\nmcloud.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\nsnow.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\pcloud.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\rain.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\shower.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\snow.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_8\images\tstorm.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_9\images\1689_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_9\images\1689_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_9\images\default_1689_alot_mrkt_starpulse.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Button_9\images\default_1689_alot_mrkt_starpulse.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\contextMenu\images\alot_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\contextMenu\images\alot_icon.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\contextMenu\images\alot_logo_button.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\contextMenu\images\alot_logo_button.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\domains.dat

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\alot_brand.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\alot_splitter.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\discover.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\intro_popup.png

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\spinner.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_bottom.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_btnclose0.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_btnclose1.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_btnconfig0.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_btnconfig1.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_btnrefresh0.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_btnrefresh1.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_caption.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_error_bg.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_error_close.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Resources\Shared\images\widget_error_icon.bmp

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\TimerManager\TimerManager.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\TimerManager\TimerManager.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\toolbar.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\toolbar.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\toolbarContextMenu\toolbarContextMenu.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\ToolbarSearch\ToolbarSearch.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\ToolbarSearch\ToolbarSearch.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Updater\Updater.xml

c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\alot\Updater\Updater.xml.backup

c:\documents and settings\patrick.PATRICK-F86EA42\Local Settings\Application Data\i18Commonmm\WdMain64.dll

c:\documents and settings\patrick.PATRICK-F86EA42\ryavnfaibk.tmp

c:\documents and settings\patrick.PATRICK-F86EA42\System

c:\documents and settings\patrick.PATRICK-F86EA42\System\win_qs8.jqx

c:\documents and settings\PATRICK\WINDOWS

C:\Install.exe

c:\program files\AWS\WEATHE~1\MINIBU~1.DLL

C:\readme.txt

C:\setup.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-07-09 to 2011-08-09 )))))))))))))))))))))))))))))))

.

.

2011-08-08 18:57 . 2011-08-09 19:10 -------- d-----w- c:\documents and settings\patrick.PATRICK-F86EA42\Local Settings\Application Data\i18Commonmm

2011-07-22 15:50 . 2011-07-22 15:50 -------- d-----w- c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\Malwarebytes

2011-07-22 15:50 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-22 15:50 . 2011-07-22 15:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2011-07-22 15:50 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-22 15:50 . 2011-07-22 15:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-14 17:05 . 2011-07-14 17:05 -------- d-----w- c:\documents and settings\patrick.PATRICK-F86EA42\Local Settings\Application Data\Temp

2011-07-14 16:40 . 2011-07-14 16:40 -------- d-----w- c:\program files\Common Files\Adobe AIR

2011-07-11 13:31 . 2011-07-23 03:21 -------- d-----w- c:\documents and settings\patrick.PATRICK-F86EA42\dwhelper

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-02 14:02 . 2004-08-04 04:17 1858944 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-05 49152]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]

"SMSERIAL"="sm56hlpr.exe" [2004-12-29 544768]

"HostManager"="c:\program files\Common Files\AOL\1214003073\ee\AOLSoftware.exe" [2008-06-24 41824]

"Pure Networks Port Magic"="c:\progra~1\PURENE~1\PORTMA~1\PortAOL.exe" [2004-04-05 99480]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-05-27 124656]

"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-19 98304]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\

Walgreens PictureMover.lnk - c:\program files\Walgreens PictureMover\Bin\PictureMover.exe [2010-5-4 1024056]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\AOL 9.1a\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\1214003073\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\1214003073\\EE\\aolsoftware.exe"=

"c:\\WINDOWS\\system32\\mshta.exe"=

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/22/2011 11:50 AM 366640]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/8/2011 7:10 AM 105592]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/22/2011 11:50 AM 22712]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2011 12:42 PM 136176]

S3 EraserUtilDrv10910;EraserUtilDrv10910;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10910.sys [?]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2011 12:42 PM 136176]

S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [5/27/2006 4:40 AM 115952]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - MBAMSwissArmy

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 16:41]

.

2011-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-14 16:41]

.

2011-08-07 c:\windows\Tasks\Norton Security Scan for patrick.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 09:18]

.

2011-08-08 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-26 13:53]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com

uInternet Connection Wizard,ShellNext = iexplore

IE: &AOL Radio Toolbar Search - c:\documents and settings\All Users.WINDOWS\Application Data\AOL Radio Toolbar\ieToolbar\resources\en-US\local\search.html

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\documents and settings\patrick.PATRICK-F86EA42\Application Data\Mozilla\Firefox\Profiles\ewio7qmf.default\

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

.

- - - - ORPHANS REMOVED - - - -

.

HKCU-Run-WdMain64 - c:\documents and settings\patrick.PATRICK-F86EA42\Local Settings\Application Data\i18Commonmm\WdMain64.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-09 15:17

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Completion time: 2011-08-09 15:24:58

ComboFix-quarantined-files.txt 2011-08-09 19:24

.

Pre-Run: 14,002,184,192 bytes free

Post-Run: 16,226,004,992 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 57DE4DF663BEB00C9FB29352187FAA03


  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are both checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


  • 3 weeks later...
  • Staff

Due to the lack of feedback, this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
